...and the boundaries between the types are pretty much set in stone at
this time - you can't easily change what roles can do - there's staff_r,
sysadm_r, secadm_r, user_r, system_r, and that's it.
...unless you modify policy sources.
You're right. The problem isn't that RBAC isn't flexible - it's _too_
flexible. I think it would be confusing to admins to write policy. Maybe
if we could create some sort of friendly app with the most-common macros
an admin could want to use, and their descriptions... I guess we're
moving in the right direction with those management APIs... hmm
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list